| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Swift's object expirer in kilo series was incompatible with
gluster-swift. This change does the following:
* Optimizes crawl in account and container server for listing
requests for containers and tracker objects in gsexpiring volume.
* Enables container server to delete tracker objects from gsexpiring
volume. Swift's expirer sends request directly to container server
to remove tracker object entry.
* delete_tracker_object() is now a common utility function that is
invoked from container server and gluster-swift's object expirer.
* Run functional test to be run against both swift's object expirer
and gluster-swift's object expirer
Change-Id: Ib5b7f7f08fe7dda574f6dd80be2f38bdfaee32bc
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/14038
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change re-introduces object expiration feature with some internal
differences from earlier implementation such as:
* Creation of zero-byte tracker object is performed directly on the
mount point. Earlier HTTP request was sent to object server
for the same. This incurred overhead of metadata creation for
these zero-byte files which isn't necessarry as all required
information is encoded in the path itself.
* Crawling of zero-byte tracker objects is done by the object
expirer daemon itself and not container server.
* Deletion of tracker object is performed by the object expiration daemon
directly on mount point.
Deletion of actual data object is not carried out by object expiration
daemon directly. The object expirer sends a DELETE request to object
server which deletes the actual object. This behaviour is not changed.
There is no change in behaviour in comparison with older implementation.
This is asserted by re-enabling existing functional tests without
any changes.
Change-Id: I01dc77cc4db3be3147d54e3aa2a19ed182498900
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13913
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fetch metadata (xattr) for objects in a container ONLY when the
client asks for it (using content-type indicating JSON or XML response).
This avoids a lot of unnecessarry stat() and getxattr() calls whose
results would anyways be unused. The performance gain is obvious in
this case.
Change-Id: I4c8b0516dedd04553a5ed450bc855cafbfabada9
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13573
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During process of POST requests which updates object metadata (xattrs),
the following (ordered) sequence of syscalls were being made twice:
open(), fstat(), fgetxattr(), close()
Intuitively, one may assume that a getxattr() and setxattr() is enough
to fulfil the POST request as it is only supposed to update metadata.
But this isn't the case. The above series of syscalls is made first
during disk_file.open(). This will trigger an update of all stale
metadata (outdated size/etag) and the result is retained in a diskfile
class attribute named 'self._metadata'
Instead of using this pre-fetched metadata, the POST path was internally
invoking disk_file.open() again in disk_file.write_metadata(). This is
redundant and serves no purpose. self._metadata was being erased during
the context manager cleanup of disk_file.open()
This change is simple and does the following:
* Don't erase fetched metadata during context manager exit of open()
* Use a different internal variable to detect and raise DiskFileNotOpen
* Re-use self._metadata if available in disk_file.write_metadata()
Here's comparing syscalls made (POST path) with and without this fix:
https://bugzilla.redhat.com/show_bug.cgi?id=1314171#c4
Change-Id: Ib64c103e5904428df20ec6e8f10140f4f68e7f79
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13668
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fetch metadata (xattr) for containers in an account ONLY when the client
asks for it (using content-type indicating JSON or XML response).
This avoids a lot of unnecessarry stat() and getxattr() calls whose
results would anyways be unused. The performance gain is obvious in this
case.
This change is restricted to container listing. The same can be extended
to object listing as well (will be sent as a separate change)
Change-Id: Ibff1c5a90519f11053c0b651d8ea3385dda43a2f
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13497
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes does two things:
* Adds Sha512 as a supported auth_type.
* Fixes breakage when auth_type is changed in existing deployments.
If an existing gswauth deployment changes `auth_type` in conf file to a
different one (for example: sha1 to sha512), all attempts to authorize
existing/old users will fail because of change in encoder type.
With this change, the credentials match is done using an encoder with
which the password was initially encoded. This allows gswauth deployments
to change auth_type and old users will still be able to authorize.
A note on auth_type_salt:
There's still a distinction between how salt is managed in gswauth and
swauth: swauth will use a random salt if a salt is not set in conf file
where as gswauth will default to 'gswauthsalt' if a salt is not set in
conf file. This distinction is to ensure backward compatibility.
This change is derived from following upstream changes in swauth repo:
e14a7b3df86969d478090b314d9660b6d835afa7
https://review.openstack.org/#/c/285195/
https://review.openstack.org/#/c/285292/
Change-Id: I9a43adc4964d8e9f9f1faf73063a6dc1cd8ff354
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13654
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This issue can be hit when swift3 middleware is in the pipeline.
This change is a backport of the following swauth change:
https://review.openstack.org/#/c/282191/
Change-Id: I323d3eeaf39e2019f8f8910bc53904ac94208ed2
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13641
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, in cases where swauth returns a JSON document as its body,
it does not specify a content type, and swob defaults it to text/html.
This change uses a standard content type of 'application/json' in each
of these instances, and adjusts the tests accordingly.
This is ported from following commit in swauth repo:
556aa156979741292bde78425f413f9dee639b4f
Change-Id: Ib61370ba10b5e0364c2aed6321388715a6710355
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13521
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A fd was not being closed after it was duplicated. This code path can
be easily hit when doing a GET on a file that needs Etag (md5sum) to
be recalculated.
Change-Id: Ib2e10d990b9b2e1fa85d0079767892de8c8d4eec
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13593
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change removes redundant fstat() and fgetxattr() performed in
the GET path when object added from file interface is being accessed
for the first time via the object interface.
This is a manual backport of this change:
https://review.openstack.org/#/c/246365/
Change-Id: I29f56cef80c94779145e2948ba14f35817d46e0c
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13624
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change ports most of swiftonfile object server fixes and changes
into gluster-swift. Storage policy as a feature is not usable here
(it doesn't make sense).
The hacky way of creating zero byte tracker objects for object
expiration has not been ported to this release due to scalability
issues and the need to have a separate volume.
Change-Id: I17ba27dacea9ac000bdb8934700996e4d17f4251
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13269
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
| |
Change-Id: Iffdd56704330897fbde21f101c9b2ed03c2ae296
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Thiago da Silva <tdasilva@redhat.com>
Tested-by: Thiago da Silva <tdasilva@redhat.com>
Reviewed-on: http://review.gluster.org/13221
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change:
* Simplifies read_metadata() method.
* Validates pickle header before attempting to unpickle.
This change does NOT fix the security vulnerability itself.
That would be sent as a separate change.
Change-Id: Id95bd584f3ad00fb075456544495f17f7038f991
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Thiago da Silva <tdasilva@redhat.com>
Tested-by: Thiago da Silva <tdasilva@redhat.com>
Reviewed-on: http://review.gluster.org/13220
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a squashed commit imported from this repo:
https://github.com/openstack/swiftonfile/tree/icehouse
Contains the follwing commits from above mentioned repo:
eb50236 Merge "Backport: Fix metadata overall limits bug" into icehouse
79ea52a Backport: Fix metadata overall limits bug
bc43f0b Fix inconsistent data being returned on GET
ad0bb79 Import HTTPBadRequest from swift's module
74d02e6 Exclude .trashcan dir from container listing
b2dbc15 Catch ESTALE in addition to ENOENT
8d60b48 Properly handle read_metadata() exceptions
6762fc6 Fix object server leaking file descriptors
2842e82 Fix API incompatibility in update_metadata()
2beeef6 Merge "Remove swiftkerbauth code" into icehouse
93dbcb5 Update object-expirer.conf with explanations
c9d2f09 Merge "Check if /etc/swift exists in ring builder" into icehouse
d66c14c Remove swiftkerbauth code
3142ed2 Add object expiration functests
97153d1 Merge "Cleanup functest and undo old patch" into icehouse
bc234d0 Remove old travis config file and fix typo
260c8ef Check if /etc/swift exists in ring builder
637dac9 Cleanup functest and undo old patch
051e068 Merge pull request #35 from prashanthpai/backport-1
be104a3 Merge pull request #36 from prashanthpai/backport-2
ff76f42 fix issue with GET on large object (icehouse-backport)
04d0a99 Fix unlink call after successful rename
4c6ca1d updating README file with project name change
10b2680 Merge pull request #18 from thiagol11/icehouse
5bcab8f Updating version on __init__ file
5c2cba2 Merge pull request #15 from thiagol11/update_spec
52b00a8 updating spec file to add dependency on swift icehouse
ae7c93b Merge pull request #6 from prashanthpai/rebase
191e55b Revert: allow non-root user to run functests
cb7e968 Modify unit tests and func tests
d23fd1b Sync with OpenStack Swift v1.13.1
b6d1671 Merge pull request #12 from pushpesh/functionalnosetestremove
962622b Merge pull request #8 from thiagol11/update_readme
4560857 Merge pull request #9 from prashanthpai/spec-expirer
be0ae7e Minor update
65000f1 Removing functionalnosetests
8ab1069 Fix object-expirer.conf-gluster RPM build error
afee30f added new support filesystem section
527b01f updated README.md to Swift-On-File
9a240c7 Merge pull request #3 from thiagol11/add_jenkins_to_travis
34b5a8b removing blank lines
3568b64 fixing missing fi
d8f5b0f adding support to run jenkins triggered by travis
6f4a88c Removing functionalnosetests
8041944 Update README.md
c015148 Merge pull request #2 from thiagol11/master
3ddd952 fixing travis file to run correct unit test
c582669 adding travis status badge to README
8093096 adding py26 unit testing to travis
37835fd trigger travis build
cb6332a adding travis ci testing
All tests have been run sucessfully against this.
tox -e p2p8,py27,functest
Change-Id: I096b611da852d3eb3913844034b443b8272c2ac4
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13188
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the Icehouse release of openstack-swift functional
case classified as fucntionalnose tests have been moved
to functional cases.Although we copied test suites from
test/fucntionalnose/ to test/functional/ but we still
have same cases under test/functionalnose.This might
cause duplicate tests run.
Change-Id: I025206467aad364debd9050b3186e1379d89ffaf
Signed-off-by: Pushpesh Sharma <psharma@redhat.com>
Reviewed-on: http://review.gluster.org/7516
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Tested-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Reviewed-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change is being done to prepare the code to always call
fs_utils for all filesystem calls on the data being stored.
By creating this interface (i.e., fs_utils), we can then
make a seamless change to use the current method of 'os.'
calls over FUSE _or_ libgfapi. This new method will be introduced
in a new separate patch.
Change-Id: Ic768fa7352d7672b1f060230bb4486f0ec228152
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/7333
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change is being made to allow callers to handle
any exception thrown by os.mkdir.
This function is currently never called anywhere in the code.
It was introduced as part of the first commit to this project
but it was never used.
This patch (http://review.gluster.org/#/c/5304/) removed the
early version of this function, and this patch
(http://review.gluster.org/#/c/5305/) added it back with new
exception handling.
Change-Id: I71325660cb47594b0804da3da21920e26d2055f2
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/7350
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Tested-by: Chetan Risbud <crisbud@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The file descriptor is not being closed because
it is self._fd is None
Change-Id: I7edc8a78b09bdd76d59ac8f3dbc809af652f9b0e
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/7315
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function is no longer used, the code that called
this function was removed as part of this patch:
http://review.gluster.com/#/c/3390/
Change-Id: I6e81e4b763ce302289e2be5467dc4776f0750c15
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/7336
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Preventing access to expired objects
------------------------------------
Re-enabled accepting X-Delete-At and X-Delete-After headers. During a GET on
an expired object, DiskFileExpired is raised by DiskFile class. This will
result in object-server returning HTTPNotFound (404) to the client.
Tracking objects to be deleted
------------------------------
Objects to be deleted are tracked using "tracker objects". These are PUT into
a special account(a volume, for now). These zero size "tracker objects" have
names that contain:
* Expiration timestamp
* Path of the actual object to be deleted
Deleting actual objects from GlusterFS volume
---------------------------------------------
The object-expirer daemon runs a pass once every X seconds. For every pass it
makes, it queries the special account for "tracker objects". Based on
(timestamp, path) present in name of "tracker objects", object-expirer then
deletes the actual object and the corresponding tracker object.
To run object-expirer forever:
swift-init object-expirer start
To run just once:
swift-object-expirer -o -v /etc/swift/object-expirer.conf
Caveat/Limitation: Object-expirer needs a separate account(volume) that
is not used by other services like gswauth. By default, this volume is
named "gsexpiring" and is configurable.
More info about object expiration:
http://docs.openstack.org/developer/swift/overview_expiring_objects.html
Change-Id: I876995bf4f16ef4bfdff901561e0558ecf1dc38f
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6891
Tested-by: Chetan Risbud <crisbud@redhat.com>
Reviewed-by: pushpesh sharma <psharma@redhat.com>
Tested-by: pushpesh sharma <psharma@redhat.com>
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This provides an infrastructure for swiftkerbauth
related functional test cases.
More test cases will be added later.
Added a section in swiftkerbauth guide about how to run
functional tests.
test/functional_auth/swiftkerbauth
----------------------------------
A new authentication filter related functional
tests and configuration to reside here.
The configuration would help setup the
environment. All the generic functional tests
should run fine with PASSIVE mode of swiftkerbatuh.
Please refere to swiftkerbatuh documentation for
ACTIVE/PASSIVE mode of working.
swiftkerbauth/test_swkrbath_active.py
-------------------------------------
This file has all the testcases of active mode of
swiftkerbauth. More test cases to be added later.
SwiftKerbAuth related test cases are meant to run
on the setup where SwiftKerbAuth is setup and
installed.
Change-Id: Ibc2a3945f5c9b6714475fcec0ee9d153debb48e3
Signed-off-by: Chetan Risbud <crisbud@redhat.com>
Reviewed-on: http://review.gluster.org/6925
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Also, bumped version of gluster-swift to v1.13.0
Change-Id: I797dc704c9523540cba847b1e8ff3da97b79630c
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/7229
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PUT of a directory fails with gluster-swift when there exists
object of a same name. This is because the objects and directories are placed on
the glusterfs. And hence the filesystem semantics are applicable there.
Exceptions raised in such situation are needed to be handled and reported
correctly back to proxy-server with HTTPConflict as a error code. Although
swift still continues to choose 503 as the best respose in such cases. No
tracebacks reported.
Fix covers the case when there exists a directory and object of the same
name is PUT.
Code changes fixes both the failure cases mentioned in the bug.
Examples of failing PUT requests:
1) curl -v -X PUT http://127.0.0.1:8080/v1/AUTH_test/c1/dir1/obj2/anotherobject
-d'asdasdsadA'
-- obj2 was already an object.
2)curl -v -H 'Content-Length: 0' -H 'Content-Type: application/directory' -X PUT
http://127.0.0.1:8080/v1/AUTH_test/c1/obj1
-- obj1 was already and object
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1071021
Change-Id: Id3042d920e3f99e740d4042ef5907ac8c59e04db
Signed-off-by: Chetan Risbud <crisbud@redhat.com>
Reviewed-on: http://review.gluster.org/7181
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Tested-by: Prashanth Pai <ppai@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Bumped the version of gluster-swift to v1.12.0.
* Added document on how to do a sync
Change-Id: I676e110759b0bce3007a2a38f3b384b4ca9d710d
Signed-off-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6977
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Tested-by: Chetan Risbud <crisbud@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This reverts commit ad6fb3558019e0f65de0b36c2c2f78d94925838c
Change-Id: I0e04c923880b3b987bedb04fdb10d3f9813bb884
Reviewed-on: http://review.gluster.org/6952
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Tested-by: Chetan Risbud <crisbud@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Jenkins, functional tests occasionally fail in testMetadataOnPost test case
with ResponseNotReady exception. This is an attempt to fix that as I'm
guessing that the following could be the reason.
It is advised to read the whole response body before sending a new request:
http://docs.python.org/2/library/httplib.html#httplib.HTTPConnection.getresponse
http://hg.python.org/cpython/file/2.7/Lib/httplib.py#l1033
Change-Id: I2ee880fd15af8766dcbd12f84ef561a67acdcdce
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6945
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Tested-by: Chetan Risbud <crisbud@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
added input validation for a couple of options and
error handling in case a non-existing account name
is provided
Change-Id: I6d703d584552fc7b7574f34e79ed25a2982b6d5e
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/6767
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Tested-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: pushpesh sharma <psharma@redhat.com>
Tested-by: pushpesh sharma <psharma@redhat.com>
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For some scenarios although the expected response as per the
REST spec is 403, but due to technical limitation/performance
improvements it is decided to go with 401.EX:An admin/regular
user tries to add a reseller admin user.
Change-Id: Ibc280a0be6e5cb81d4d2c46d9a758915ff60ae8f
Reviewed-on: http://review.gluster.org/6833
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Tested-by: Chetan Risbud <crisbud@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Few changes have been merged to upstream swiftkerbauth repo.
This commit brings it down to gluster-swift repo.
Bringing below changes to gluster-swift repo in one go.
http://review.gluster.org/#/c/6296/
http://review.gluster.org/#/c/6370/
http://review.gluster.org/#/c/6595/
http://review.gluster.org/#/c/6713/
http://review.gluster.org/#/c/6732/
Change-Id: I10dc12d75ec63fca313339fbc71e4f18071af552
Signed-off-by: Chetan Risbud <crisbud@redhat.com>
Reviewed-on: http://review.gluster.org/6764
Reviewed-by: Prashanth Pai <ppai@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit creates a new class to validate the cleanup-token
& set-account-service CLI utility.This test tries to cover all the psossible values
that can be passed as user input valid/invalid.
Change-Id: Ia8ca40ca9e63a296b70cb999c6507b7b1ffbdf61
Signed-off-by: Pushpesh Sharma <psharma@redhat.com>
Reviewed-on: http://review.gluster.org/6759
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CLI test case were failing on RHEL systems as the error string
on Fedora19 and RHEL6.4 systems are different however a more gereric
string is there on both of the systems and this is about that only.
It replaces the 'ECONNREFUSED' & 'No address associated with hostname'
with 'Check that the admin_url is valid'.Now the TCs pass on both of
the OS.
Change-Id: Iff8b2719e8917864ed8f80d961c55a7f9f6fc77b
Signed-off-by: Pushpesh Sharma <psharma@redhat.com>
Reviewed-on: http://review.gluster.org/6718
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Imported code till commit f64a3354185f32928e2568d9ece4a52fa4746c05
Changed a code bit to import correct definitions.
kerbauth unit tests do run along with gluster-swift.
Install script does install swiftkerbauth.
import swiftkerbauth from http://review.gluster.org/swiftkrbauth.git
Change-Id: Ia89f2b77cc68df10dee2f41ce074f3381ac3c408
Signed-off-by: Chetan Risbud <crisbud@redhat.com>
Reviewed-on: http://review.gluster.org/6597
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated tox.ini, functional tests, and proxy
unit tests.
BUG: https://bugs.launchpad.net/bugs/1268017
Change-Id: I5ff8359b8abdb8fe5ae82492c12f57c395992735
Signed-off-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6682
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The swauth tools did not handle an invalid admin_url, so it just failed
printing the stacktrace, which is not useful to end users.
This fix catches the exception and prints an error message that can
help user solve the issue.
Change-Id: I806c1cf191b5921e904b155f65cdbde5f2aac695
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/6431
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed the code to only allow the super_admin to delete a reseller_admin.
This follows the same logic of user creation, where only the super_admin
can create a reseller_admin.
Also, took the opportunity to refactor some code and implemented
get_user_detail method to remove duplicated code
Bug 1260239: https://bugs.launchpad.net/gluster-swift/+bug/1260239
Change-Id: I9e4866cd7ad08698f427846be566ab2364ad4850
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/6516
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Users were not able to update their own password/key
with the update operation resulting in 403 (HTTPForbidden).
EXAMPLES:
Command to update password/key of regular user:
gswauth-add-user -U account1:user1 -K old_pass account1 user1 new_pass
Command to update password/key of account admin:
gswauth-add-user -U account1:admin -K old_pass -a account1 admin new_pass
Command to update password/key of reseller_admin:
gswauth-add-user -U account1:radmin -K old_pass -r account1 radmin new_pass
BUG: https://bugs.launchpad.net/gluster-swift/+bug/1262227
Change-Id: I604da5aee67099b29541eb7e51a040a041f1961b
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6650
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is quite possible that errors on a previous write()
operation are first reported at the final close().
For fruther info, refer to: http://review.gluster.org/#/c/6269/
Change-Id: If0fbe2f5109d28c82cb493f2526fd5057f86b556
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6608
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
| |
Change-Id: I994b0e45d4fdb898378de7cd103f7e429a7fd9cc
Signed-off-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6662
Reviewed-by: Thiago Da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit does following:
1.New functions in Utils based on CLI
2.Fixes for existing suite
3.Test cases for non super_admin users doing user/account operations
I tried to cover most of the possible test cases that can be duducted
from the swauth dev guide and swuath user role matrix.These resources
can be found here:
https://raw.github.com/rbeede/swauth/master/doc/source/Draft%20Security%20Guide/swift_swauth_roles_matrix.png
http://gholt.github.io/swauth/dev/
Change-Id: I3267a718e5432cddc751ec53fe9b05ef9061a5e3
Signed-off-by: Pushpesh Sharma <psharma@redhat.com>
Reviewed-on: http://review.gluster.org/6537
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- 401(Unauthorized) is to be returned when user credentials are
wrong where as 403(Forbidden) is to be returned when user
credentials are correct but the user doesn't have the priveleges
to carry out the operation.
- Also error messages displayed when using swauth-* command line
utilities have been updated.
Change-Id: I485786896ad14d3263f4325d1857cacc93adab96
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6336
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6447
Reviewed-by: Thiago Da Silva <thiago@redhat.com>
Tested-by: Thiago Da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DiskWriter was closing the file descriptor when it finished
writing but initializing it to None. Therefore, the DiskFile
context manager would then try to close it also.
Change-Id: I188ec814d025e28c7b89532f0502ebf1d4a20a09
Signed-off-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6317
Reviewed-by: Peter Portante <pportant@redhat.com>
Reviewed-by: pushpesh sharma <psharma@redhat.com>
Tested-by: pushpesh sharma <psharma@redhat.com>
Signed-off-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6487
|
|
|
|
|
|
|
|
|
| |
* Need to replace functions which are not supported in python 2.6
Change-Id: I4308f7c43a60fde9d8538b53422ddc18499dc1f9
Signed-off-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6457
Reviewed-on: http://review.gluster.org/6484
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cli tools for account and user mgmt have been renamed
from swauth-* to gswauth-*
Updated other configuration and test files accordingly
Change-Id: Iced3bb27fbd09da45754ddb264f8fb4528ab423c
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/6417
Reviewed-by: pushpesh sharma <psharma@redhat.com>
Tested-by: pushpesh sharma <psharma@redhat.com>
Reviewed-by: Shilpa MJ <smanjara@redhat.com>
Tested-by: Shilpa MJ <smanjara@redhat.com>
Reviewed-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
* Updated Proxy unit test
* Updated Functional tests
* Updated Tox to point to the new swift snapshot available
on http://launchpad.net/gluster-swift
Change-Id: Ia91593c6a28d5a3fe70715ddc60546931ae71635
Signed-off-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6445
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unit tests failed as upstream swift was updated with this commit:
f0c0855ec8207fa8be63ed4f3135c8e29a31acc0
Updated gluster-swift unit tests accordingly.
Change-Id: I286c807a17d79c2d9a21ee436f029a0f59cb9b7b
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6268
Reviewed-by: Peter Portante <pportant@redhat.com>
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The issue was due to missing a necessary change that was made when changing
the auth account name from .auth to metadata volume.
the auth account has a group of the same name, so the .auth account
also had a .auth group, so we needed to change that too to the
metadata volume (e.g., gsmetadata)
Change-Id: Iaa3b7a1b2628f5b863807932e863593be0011a82
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/6416
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Gluster-swift does not support X-Delete-After or X-Delete-At
headers. The code needs to inform the caller with a 400-BadRequest
if they use these headers.
Change-Id: Ic9d3a1646c0d26bb0204245efce4501f7479fee6
Signed-off-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6364
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All the configuration files were missing settings used when
gluster-swift is installed
Change-Id: I4ff877241a5965f2b0359e0549629614596045bb
Signed-off-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6430
Reviewed-by: Thiago Da Silva <thiago@redhat.com>
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: pushpesh sharma <psharma@redhat.com>
Tested-by: pushpesh sharma <psharma@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
swauth-list now shows lists of accounts, users and groups
in a tabular format (default). JSON and plain-text options
are still available
Change-Id: I897009f5f6c05aa4c14e306bb6ad35234e993fcd
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/6347
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This test suite plans to tests following gswauth commands:-
1. swauth-prep
2. swauth-add-account
3. swauth-delete-account
4. swauth-add-user
5. swauth-delete-user
6. swauth-set-account-service
7. swauth-cleanup-tokens
8. swauth-list
It uses 'commands' python module to execute gswauthcommands,
and capture the status and output of commands followed by
asserts to verify if the captured status and output is same
as expected ones.This initial draft has tests for first 1-5
commands.
Change-Id: I8591884e87c6ffd88446aacd04a1db2daab2d189
Signed-off-by: Pushpesh Sharma <psharma@redhat.com>
Reviewed-on: http://review.gluster.org/6277
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
|